Posted
by
msmash
on Wednesday December 07, 2016 @10:20AM
from the sudden-interest dept.

Because many businesses are wary of new software updates, let alone a new operating system, Microsoft could see a significant surge in Windows 10 install base and sales in the New Year. From a report on Fortune: Businesses have been slow to upgrade all of their corporate computers to the latest Windows OS in 2016, according to research by IT services and technology company Adaptiva. Adaptiva said Tuesday that based on its findings, it believes companies are going to be upgrading to the latest version in 2017. Adaptiva based its findings from a survey it conducted over the summer of 300 IT professionals at various businesses. The company said that 41% of the companies it surveyed have been avoiding the upgrade, and some "have gone so far as to actively resist the move by using software to prevent or disable Windows 10 installation." The survey didn't say why exactly companies were avoiding the upgrade, but the majority of respondents that did upgrade "rated the Windows 10 migration process to be somewhat to extremely challenging," the survey said. According to latest figures provided by Microsoft, Windows 10 is running on over 400 million devices.

Posted
by
BeauHDon Monday December 05, 2016 @08:05PM
from the arch-enemy dept.

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.

Posted
by
BeauHDon Monday December 05, 2016 @06:50PM
from the come-and-get-it dept.

Google is rolling out Android 7.1.1 for Pixel and Nexus smartphones, including the Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL, Nexus Player, Pixel C and General Mobile 4G (Android One). You can download it over-the-air when it becomes available "over the next several weeks" or flash it yourself. Engadget details some of the new features found in Android 7.1.1:
As for what you can find from a feature perspective, Google has added support for its "image keyboard" that lets you easily find and send pictures and GIFs without leaving your messaging app of choice. Google says it'll work inside of Hangouts, Allo, and the default Messaging app. Ironically enough, the feature has been available in the Gboard iOS keyboard that Google launched in the spring, but it's good to see it coming to more Android phones now. Android 7.1.1 also includes Google's latest set of more diverse emoji, specifically focused on showing a "wider range of professions" for women. And it also contains the excellent app shortcut feature that originally launched on the Pixel -- if you press and hold on an app's icon, a sub-menu of shortcuts will show up. You'll be able to quickly send a message to a specific contact or navigate to a saved location using these shortcuts, for example. They're very much like the "force touch" shortcuts found on the iPhone, but that doesn't make them any less useful.

Posted
by
EditorDavid
on Sunday December 04, 2016 @06:09PM
from the desirable-distro-downloads dept.

BrianFagioli shares his story on Beta News: Feeling fatigued by Windows 10 and its constant updates and privacy concerns? Can't afford one of those beautiful new MacBook Pro laptops? Don't forget, Linux-based desktop operating systems are just a free download away, folks!

Posted
by
EditorDavid
on Sunday December 04, 2016 @05:39PM
from the lawyers-for-Linux dept.

An anonymous reader quotes OStatic's update on Canonical's lawsuit against a cloud provider:
Canonical posted Thursday that they've been in a dispute with "a European cloud provider" over the use of their own homespun version of Ubuntu on their cloud servers. Their implementation disables even the most basic of security features and Canonical is worried something bad could happen and it'd reflect badly back on them... They said they've spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations to no avail. Canonical feels they have no choice but to "take legal steps to remove these images." They're sure Red Hat and Microsoft wouldn't be treated like this.
Mark Shuttleworth, the founder of Ubuntu, wrote in his blog post that Ubuntu is "the leading cloud OS, running most workloads in public clouds today," whereas these homegrown images "are likely to behave unpredictably on update in weirdly creative and mysterious ways... We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that...

"To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week... When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action."

Posted
by
EditorDavid
on Saturday December 03, 2016 @11:38PM
from the forking-the-road dept.

Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register:
Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum.
Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step. Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".

Posted
by
msmash
on Friday December 02, 2016 @11:00AM
from the taking-a-stand dept.

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.

Posted
by
BeauHDon Thursday December 01, 2016 @04:55PM
from the times-they-are-a-changin dept.

bulled writes: In the middle of a press release discussing the move of employees from Seattle to California, Cyanogen Inc notes that it has parted ways with Steve Kondik. It is unclear what this means for the future of CyanogenMod. NDTV reports: "Kondik took to the official CyanogenMod developer Google+ community recently where he voiced what he thought were the reasons behind Cyanogen's plight and blamed Kirt McMaster, Cyanogen's Co-Founder. 'I've been pretty quiet about the stuff that's been going on but I'm at least ready to tell the short version and hopefully get some input on what to do next because CM is very much affected,' wrote Kondik in a private Google+ community first reported by Android Police. According to Kondik's version, Cyanogen's turmoil is way far from being over. He claimed that Cyanogen had seen success thanks to the efforts by the community and the company. Though, this also changed how the company worked. Explaining how it all started to come down, Kondik wrote, 'Unfortunately once we started to see success, my co-founder apparently became unhappy with running the business and not owning the vision. This is when the 'bullet to the head' and other misguided media nonsense started, and the bad business deals were signed. Being second in command, all I could do was try and stop it, do damage control, and hope every day that something new didn't happen. The worst of it happened internally and it became a generally shitty place to work because of all the conflict. I think the backlash from those initial missteps convinced him that what we had needed to be destroyed. By the time I was able to stop it, I was outgunned and outnumbered by a team on the same mission.' Kondik also seemingly confirmed a report from July which claimed Cyanogen may pivot to apps. He further wrote, 'Eventually I tried to salvage it with a pivot that would have brought us closer to something that would have worked, but the new guys had other plans. With plenty of cash in the bank, the new guys tore the place down and will go and do whatever they are going to do. It's probably for the best and I wish them luck, but what I was trying to do, is over.'"

Posted
by
BeauHDon Wednesday November 30, 2016 @07:20PM
from the keep-one-eye-open dept.

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.

Posted
by
BeauHDon Tuesday November 29, 2016 @07:45PM
from the don't-leave-your-computer-unattended dept.

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.

Posted
by
msmash
on Tuesday November 29, 2016 @03:40PM
from the things-russia-likes dept.

The future for one of the few remaining alternative mobile OS platforms, Jolla's Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use. TechCrunch adds:In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple's iOS -- flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point. The government has said it wants to radically reduce its reliance on foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of the market garnered by Android and iOS in 2015. Sailfish's local certification in Russia also follows an announcement earlier this year that a new Russian company, Open Mobile Platform (OMP), had licensed the OS with the intention of developing a custom version of the platform for use in the domestic market. So, in other words, a Russian, strategic 'Android alternative' is currently being built on Sailfish.

Posted
by
msmash
on Monday November 28, 2016 @01:40PM
from the Microsoft-loves-Linux dept.

An anonymous reader shares a Softpedia article: Microsoft has finally acknowledged the potential that the open-source world in general, and Linux in particular, boasts, so the company is exploring its options to expand in this area with every occasion. Most recently, an episode posted on Channel 9 and entitled "Improvements to Bash on Windows and the Windows Console" with senior program manager Rich Turner calls for Linux developers to give up on their platforms for Windows 10. "Fire up a Windows 10 Insiders' build instance and run your code, run your tools, host your website on Apache, access your MySQL database from your Java code," he explained. Turner went on to point out that the Windows subsystem for Linux is there to provide developers with all the necessary tools to code just like they'd do it on Linux, all without losing the advantages of Windows 10. "Whatever it is that you normally do on Linux to build an application: whether it's in Go, in Erlang, in C, whatever you use, please, give it a try on Bash WSL, and importantly file bugs on us. It really makes our life a lot easier and helps us build a product that we can all use and be far more productive with, he continued.Editor's note: The original title from Softpedia was edited because it was misleading. A Microsoft employee doesn't represent the entire company (at least in this instant he wasn't speaking for the company), and at no point has he asked "all Linux developers" to "give up" on Linux.

Posted
by
EditorDavid
on Sunday November 27, 2016 @10:34AM
from the singing-the-body-electric dept.

IEEE Spectrum reports on a "radical new weapon" against brain tumors -- only available since 2015. They profile a typical patient who "wears electrodes on her head all day and night to send an electric field through her brain, trying to prevent any leftover tumor cells from multiplying [and] goes about her business with a shaved head plastered with electrodes, which are connected by wires to a bulky generator she carries in a shoulder bag."
the_newsbeagle writes:
The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients' lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others.
Patients have to re-shave their heads every few days and re-apply all the electrodes, but that's never been a problem, according to one patient. "If you have a condition which has no cure, it's a great motivator."

Posted
by
BeauHDon Friday November 25, 2016 @08:05PM
from the shiny-new dept.

An anonymous reader quotes a report from Windows Central: Microsoft has made several adjustments to its design language over the last few years, starting with Windows 8 and evolving into what we now know as "Microsoft Design Language 2" or MDL2 in Windows 10. With MDL2 being the current design language used throughout Windows 10, Microsoft has plans to begin using a much more streamlined design language with Redstone 3, codenamed Project NEON. Cassim Ketfi at Numerama.com confirms our information and has heard Project NEON called "basically Metro 2." That designation refers to the first Metro design language (nee Modern) that harkens to Windows Media Center up through Windows Phone 7 and Windows 8. Per our sources, Project NEON has been in the works for over a year internally at Microsoft. It builds upon the design language introduced with Windows 10, with its simple and clean interfaces, but adds some much-needed flair to the UI that the current design language just lacks. Details are still scarce, but we hear some of the new designs in the plans include adding more animations and transitions, with the overall goal of making the UI very fluid and "beautiful" compared to the current, almost static UI that is MDL2. One source familiar with Microsoft's plans described NEON as "Very fluid, lots of motion and nice transitions." Some more information about NEON reveals that it serves as a bridge between holographic and augmented reality (AR) and the desktop environment. It's a "UI that transports across devices" with a UX that maps to the physical world. It uses textures, 3D models, lighting and more.

Posted
by
msmash
on Friday November 25, 2016 @12:40PM
from the privacy-woes dept.

An anonymous reader shares a report: To help with the smooth running of Windows 10, and to get an idea of how users interact with the operating system, Microsoft collects telemetry data, which includes information on the device Windows 10 is running on, a list of installed apps, crash dumps, and more. Telemetry data recorded by Windows 10 is, in a nutshell, just technical information about the device the OS is on, and how Windows and any installed software is performing, but it can occasionally include personal information. If you're worried about that, the news that Microsoft is sharing telemetry data with third parties might concern you. Microsoft recently struck a deal with security firm FireEye to provide access to Windows 10 telemetry data, in exchange for having FireEye's iSIGHT Threat Intelligence technology included in its Windows Defender Advanced Threat Protection service. WDATP is an enterprise security product that helps enterprises detect, investigate, and respond to advanced attacks on their networks and is different from the free version of Windows Defender. The upsides of the deal are obvious for both Microsoft and FireEye, and enterprise customers will certainly benefit from the partnership. It's not known exactly what data Microsoft has made available to FireEye, but in a detailed TechNet article on its telemetry gathering the software giant originally said: "Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management."

Posted
by
msmash
on Thursday November 24, 2016 @02:02PM
from the curious-case-of-apple dept.

An anonymous reader writes:Apple has released the open source Darwin code for macOS 10.12 Sierra. The code, located on Apple's open source website, can be accessed via direct link now, although it doesn't yet appear on the site's home page. The release builds on a long-standing library of open source code that dates all the way back to OS X 10.0. There, you'll also find the Open Source Reference Library, developer tools, along with iOS and OS X Server resources. The lowest layers of macOS, including the kernel, BSD portions, and drivers are based mainly on open source technologies, collectively called Darwin. As such, Apple provides download links to the latest versions of these technologies for the open source community to learn and to use.

Posted
by
BeauHDon Thursday November 24, 2016 @08:00AM
from the proof-of-concept dept.

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

Posted
by
BeauHDon Tuesday November 22, 2016 @08:00PM
from the resist-the-temptation dept.

A new bug in iOS has surfaced that will cause any iOS device to freeze when trying to view a certain .mp4 video in Safari. YouTube channel EverythingApplePro explains the bug in a video titled "This Video Will CRASH ANY iPhone!" 9to5Mac reports: As you'll see in the video below from EverythingApplePro, viewing a certain video in Safari will cause iOS to essentially overload and gradually become unusable. We won't link the infectious video here for obvious reasons, but you can take our word for it when we say that it really does render your device unusable. It's not apparently clear as to why this happens. The likely reason is that it's simply a corrupted video that's some sort of memory leak and when played, iOS isn't sure how to properly handle it, but there's like more to it than that. Because of the nature of the flaw, it isn't specific to a certain iOS build. As you can see in the video below, playing the video on an iPhone running as far back as iOS 5 will cause the device to freeze and become unusable. Interestingly, with iOS 10.2 beta 3, if you let an iPhone affected by the bug sit there for long enough, it will power off and indefinitely display the spinning wheel that you normally see during the shutdown process. If someone sends you the malicious link and you fall for it, this is luckily a pretty easy problem to fix. All you have to do is hard reboot your device. For any iPhone but the iPhone 7, this can be done by long-pressing the power and Home buttons at the same time. The iPhone 7, of course, uses a new non-mechanical Home button. In order to reboot an iPhone 7, you must long-press the power button and volume down button at the same time.

Posted
by
BeauHDon Tuesday November 22, 2016 @06:00PM
from the user-choice-and-freedom dept.

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

Posted
by
msmash
on Tuesday November 22, 2016 @01:40PM
from the affinity-for-linux dept.

Reader BrianFagioli writes: After the release of both alpha and beta versions, Fedora 25 is officially here and ready for production machines. If you aren't familiar with the popular Linux-based operating system, please know that it is the distribution of choice for the founder of the Linux kernel, Linus Torvalds. One of the most endearing qualities of Fedora is its focus on only offering truly free open source software. Also, you can always count on a very modern version of the Linux kernel being available. Despite having very up-to-date packages, it is always very stable too. My favorite aspect, however, is the commitment to the GNOME desktop environment; other DEs are available, though. The team says, "Fedora 25 Workstation now makes it easier to for Windows and OS X users to get started, with Fedora Media Writer serving as the default download for those operating systems. This tool helps users find and download the current Fedora release and write it to removable media, like a USB stick, allowing potential Fedora users to 'test drive' the operating system from that media environment. Fedora can then be installed to their systems with the same process".